Thread: dazuko apparmor incompatibility.

  1. #1
    dazuko apparmor incompatibility.

    Hi! I'm Melvin from India.
    I installed AVG for Linux workstation recently and compiled the dazuko kernel module for real-time file scanning in Ubuntu 7.10. As root, I gave this code.
    Code:
    ./configure 
    make
    make test
    insmod dazuko.ko
    make install
    The error was that the module could not be inserted.
    Then, I gave this code:
    Code:
    sudo rmmod apparmor
    sudo insmod dazuko.ko
    and the dazuko module works, but the apparmor module can't be reloaded.
    How important is apparmor, what does it do and how to get it back working with dazuko?

  2. #2
    Re: dazuko apparmor incompatibility.

    All apparmor does is monitor the behaviour of programs to profile them, so if some kind of malware tries to modify something within the program to get itself running, the malware will be stopped and logged. So there's no problem running dazuko without apparmor.

    To get it working with dazuko I think you have to compile the option into it when you first install it!

    EDIT: I found these links that may be the same problem (I know you're not using SUSE, but SUSE was the first distro to run apparmor) -
    http://computers-stuff.blogspot.com/...nsuse-102.html

    http://www.dazuko.org/tgen.shtml
    2.2 What are the known issues with SUSE Linux?

    Recent SuSE distributions (SUSE Linux 10, SLES 10, SLED 10) include and use AppArmor by default, which is why other modules cannot access the LSM API. This means that it is not possible to use Dazuko in its default configuration on these systems (because Dazuko by default uses the LSM interface on Linux 2.6 kernels).

    As of version 2.3.0 of Dazuko, you can use syscall hooking as an alternative to LSM for Linux 2.6 systems. If you require AppArmor, then you will need to use the syscall hooking method. This must be specified when configuring Dazuko:

    $ ./configure --enable-syscalls --mapfile=/path/to/mapfile

    The mapfile (System.map) is usually located in /boot and has the kernel version as a suffix.
    Last edited by ice60; July 24th, 2008 at 07:12 PM.
    Thanks to the forums staff for your dedication and hard work
    (the admins changed my sig to that lol )
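
The choice described in the quoted FAQ (default LSM mode versus syscall hooking when AppArmor is in use), as an added example that is not part of the thread or of the Dazuko project. The `--enable-syscalls` and `--mapfile` flags come from the FAQ text above; the function names are hypothetical, and detecting a loaded AppArmor module through a `/sys/module/apparmor` directory is an assumption.

```shell
# Added example: pick Dazuko ./configure arguments for a given kernel.
# Assumption: a loaded AppArmor module appears as <sysdir>/apparmor.
# Function names are hypothetical, not part of Dazuko.

# Print the System.map path for a kernel release, or fail if it is missing.
# The FAQ says the mapfile lives in /boot with the kernel version as suffix.
find_mapfile() {
    bootdir=$1
    release=$2
    mapfile="$bootdir/System.map-$release"
    if [ ! -r "$mapfile" ]; then
        echo "no readable mapfile: $mapfile" >&2
        return 1
    fi
    printf '%s\n' "$mapfile"
}

# Print the configure line to use.
#   $1 boot directory   (default /boot)
#   $2 module directory (default /sys/module)
#   $3 kernel release   (default: running kernel)
# AppArmor loaded  -> it holds the LSM interface, so use syscall hooking.
# AppArmor absent  -> Dazuko's default (LSM) configuration works.
dazuko_configure_cmd() {
    bootdir=${1:-/boot}
    sysdir=${2:-/sys/module}
    release=${3:-$(uname -r)}
    if [ -d "$sysdir/apparmor" ]; then
        mapfile=$(find_mapfile "$bootdir" "$release") || return 1
        printf './configure --enable-syscalls --mapfile=%s\n' "$mapfile"
    else
        printf './configure\n'
    fi
}
```

Calling `dazuko_configure_cmd` with no arguments prints the line for the running kernel; a missing System.map is reported as an error rather than guessed.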
